diff --git a/ChangeLog b/ChangeLog index 3b32873b2..d9fce9234 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,8 @@ Changes * Disabled SSLv3 in the default configuration. * Optimized mbedtls_mpi_zeroize() for MPI integer size. (Fix by Alexey Skalozub). + * Fix non-compliance server extension handling. Extensions for SSLv3 are now + ignored, as required by RFC6101. = mbed TLS 2.2.1 released 2016-01-05 diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9fc21a5ef..5a51cbbd2 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1507,6 +1507,12 @@ read_record_header: ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL; #endif + /* Do not parse the extensions if the protocol is SSLv3 */ +#if defined(MBEDTLS_SSL_PROTO_SSL3) + if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) + { +#endif + /* * Check the extension length */ @@ -1692,8 +1698,13 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } + } +#if defined(MBEDTLS_SSL_PROTO_SSL3) + } +#endif + #if defined(MBEDTLS_SSL_FALLBACK_SCSV) for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 ) { @@ -2363,6 +2374,12 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X", ssl->session_negotiate->compression ) ); + /* Do not write the extensions if the protocol is SSLv3 */ +#if defined(MBEDTLS_SSL_PROTO_SSL3) + if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) + { +#endif + /* * First write extensions, then the total length */ @@ -2419,6 +2436,10 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) p += ext_len; } +#if defined(MBEDTLS_SSL_PROTO_SSL3) + } +#endif + ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;